CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 10, 2026

CISA gives agencies until Friday to patch critical cyber bug - Federal News Network

Federal News Network Archived Jun 10, 2026 ✓ Full text saved

CISA gives agencies until Friday to patch critical cyber bug Federal News Network

Full text archived locally
✦ AI Summary · Claude Sonnet


    CYBERSECURITY CISA gives agencies until Friday to patch critical cyber bug CISA's latest emergency directive tells agencies to immediately patch critical vulnerabilities in Cisco networking devices. Justin Doubleday@jdoubledayWFED February 25, 2026 5:03 pm           The Cybersecurity and Infrastructure Security Agency is directing agencies to quickly address critical vulnerabilities in some Cisco networking systems. In an emergency directive issued today, CISA told federal agencies to inventory Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, apply updates and evaluate whether any compromises have occurred. The directive comes as hackers target SD-WAN systems across the world. The vulnerability affects Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager. In an advisory, Cisco said the vulnerability “could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.” CISA is directing agencies to patch those systems by 5 p.m. on Feb. 27.         Join us June 10 and 11 for Federal News Network's Cloud Exchange where agency and industry leaders will discuss a whole-of-government approach to cloud modernization. Register today! Nick Andersen, CISA’s executive assistant director for cybersecurity, said “forensic analysis” demonstrated that the “ease of exploiting these vulnerabilities requires immediate action from all federal agencies.” “The threat actors are seeking to gain unauthorized access to potentially compromise federal networks,” Andersen said during a call with reporters Wednesday. “Our focus right now is share timely guidance, mitigate the risk and ensure that our federal partners have the information they need to defend against the activity.” SD-WAN software allows organizations to share data and applications across disparate offices, remote workstations and other authorized devices, within both physical and cloud-based infrastructure. The use of such networking devices has increased in recent years. “The ability to orchestrate environments virtually, to interconnect offices and data centers and compute environments is one that is certainly picked up in popularity in recent years, and SD-WANs are a big part of what we know to be deployed, not just within federal civilian executive branch agencies, but more broadly across industry,” Andersen said. CISA’s directive includes several deadlines for federal agencies beyond the Feb. 27 patch deadline. By Feb. 26, agencies are required to identify any potentially affected Cisco SD-WAN systems and provide the inventory to CISA. Agencies are also required by Feb. 26 to ensure all SD-WAN systems are configured to store logs externally and collect forensic artifacts. CISA additionally provided agencies with supplemental “hunt” and “hardening” guidance for the SD-WAN systems.         Sign up for our daily newsletter so you never miss a beat on all things federal Meanwhile, agencies have been directed to send CISA a “detailed inventory” of any affected systems, the steps they have taken to apply updates and hunt for a potential compromise by March 5. And by March 12, CISA wants a report on actions agencies have taken to harden their networks from the Cisco vulnerabilities. CISA is coordinating the guidance as it also navigates a lapse in appropriations for the entire Department of Homeland Security. During the shutdown, roughly one-third of CISA’s 2,341 employees are continuing to work without pay, while the rest have been furloughed. Andersen said that shutdown disruptions “create uncertainty, strain our workforce and give adversaries unnecessary advantages, forcing frontline cybersecurity experts to perform critical work without pay.” Meanwhile, the SD-WAN vulnerability continues a trend of adversaries targeting so-called “edge devices,” as they sit at the boundary of an organization’s network and route network traffic. CISA and other cyber agencies have increasingly sounded the alarm about hackers targeting vulnerabilities in edge devices to gain a foothold and further exploit sensitive networks. Earlier this month, CISA directed federal agencies to identify and upgrade any unsupported edge devices on their networks. “We’re continuing to see adversary movement target edge devices, which is why I think we’ve both had emergency directives related to edge devices, as well as binding operational directives focused on that,” Andersen said. “Our efforts continue to minimize the available attack surface for the cyber actors to be able to take advantage of.” Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.           Justin Doubleday Justin Doubleday covers cybersecurity, homeland security and the intelligence community for Federal News Network. Follow @jdoubledayWFED Sign up for breaking news. Related Stories Getty Images/amgun Federal vulnerability management is stuck. A patch wave is coming anyway. COMMENTARY Read more Getty Images/Alex Cristi CISA chief details hiring progress, AI BOD CYBERSECURITY Read more Republican senators warn surveillance program may lapse after Trump intel pick backlash CYBERSECURITY Read more Related Topics ALL NEWS CISCO CYBERSECURITY CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY DEPARTMENT OF HOMELAND SECURITY EMERGENCY DIRECTIVE GOVERNMENT SHUTDOWN NICK ANDERSEN TECHNOLOGY WORKFORCE Around the Web UPCOMING EVENTS Building cyber resilience in the cloud Federal News Network’s Cloud Exchange 2026 Maximizing Your Federal Retirement Benefits (LIVE EVENT) Federal capital projects: Strategies for next-generation infrastructure and accountability Billington CyberSecurity Cyber and AI Outlook Series Episode 6: Securing AI for National Security: Defending Federal and Military AI Systems from Emerging Cyber Threats More TOP STORIES Federal science agencies facing a ‘generational loss,’ nonprofit says WORKFORCE OPM details changes for federal employees in Schedule Policy/Career WORKFORCE CISA chief details hiring progress, AI BOD CYBERSECURITY VA EHR rollout continues with 4 more deployments IT MODERNIZATION HASC challenges Trump's EO ending bargaining rights for DoD workers CONGRESS What we know so far from White House's Schedule Policy/Career list WORKFORCE
    💬 Team Notes
    Article Info
    Source
    Federal News Network
    Category
    ◇ Industry News & Leadership
    Published
    Jun 10, 2026
    Archived
    Jun 10, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗